SUSE CVE-2012-5563

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression...

PYSEC-2013-39

OpenStack Keystone Folsom 2012.2 does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token...

PT-2013-2160 · Openstack · Openstack Glance

Name of the Vulnerable Software and Affected Versions: OpenStack Glance versions 2012.1, 2012.2 before 2012.2.3, and 2012.2.3 and earlier of Grizzly Description: The issue allows remote authenticated users to obtain sensitive information by reading error messages. This occurs when the Swift...

CVE-2012-5563

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression...

PT-2012-6028 · Openstack · Openstack Keystone

Name of the Vulnerable Software and Affected Versions: OpenStack Keystone version 2012.2 Description: The issue is related to the improper implementation of token expiration in OpenStack Keystone, allowing remote authenticated users to bypass intended authorization restrictions. This is achieved ...